package com.usian.controller;

import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

/**
 * Demo endpoints that show role- and authority-based method security using
 * {@code @Secured} and {@code @PreAuthorize}. Every handler just returns a fixed string.
 *
 * <p>NOTE(review): these annotations are enforced only when method security is switched on
 * in the application's security configuration (for example {@code securedEnabled} /
 * {@code prePostEnabled} on {@code @EnableGlobalMethodSecurity}, or
 * {@code @EnableMethodSecurity}). That configuration is not part of this file, so confirm it;
 * without it the handlers below are reachable with no role check at this layer.
 *
 * <p>NOTE(review): {@code /query}, {@code /add}, {@code /update} and {@code /delete} use
 * {@code @RequestMapping} with no {@code method} attribute, so they match every HTTP method,
 * GET included. If the add/update/delete handlers ever change state, narrow them to an
 * explicit non-GET mapping, because Spring Security's default CSRF protection does not
 * cover GET requests.
 */
@RestController
public class TestController {

    /**
     * Returns the literal {@code "h1"}.
     *
     * <p>Carries no method-level access annotation; whether a caller must be authenticated
     * is decided by URL-level security rules that are not visible in this file.
     */
    @GetMapping("/h1")
    public String h1() {
        return "h1";
    }

    /**
     * Query endpoint: a caller holding either {@code ROLE_admin} or {@code ROLE_sale}
     * may invoke it.
     */
    @RequestMapping("/query")
    @Secured({"ROLE_admin", "ROLE_sale"})
    public String query() {
        return "query";
    }

    /**
     * Add endpoint: only a caller holding {@code ROLE_admin} may invoke it.
     */
    @RequestMapping("/add")
    @Secured("ROLE_admin")
    public String add() {
        return "add";
    }

    /**
     * Update endpoint: allowed when the caller has the role {@code ROLE_admin} OR the
     * authority {@code admin}.
     *
     * <p>The original note names "boge" and "longge", presumably sample accounts that
     * satisfy this rule (verify against the user store).
     *
     * @param id not read by this method; presumably bound from a request parameter
     */
    @RequestMapping("/update")
    @PreAuthorize("hasRole('ROLE_admin') or hasAnyAuthority('admin')")
    public String update(Integer id) {
        return "update";
    }

    /**
     * Delete endpoint: allowed only when the caller has the role {@code ROLE_sale} AND the
     * authority {@code cart}.
     *
     * <p>The original note names "longge", presumably a sample account that satisfies
     * this rule (verify against the user store).
     */
    @RequestMapping("/delete")
    @PreAuthorize("hasAnyRole('ROLE_sale') and hasAnyAuthority('cart')")
    public String delete() {
        return "delete";
    }
}
